Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Pulverizr Project Subscribe
Filtered by product Pulverizr
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7604 1 Pulverizr Project 1 Pulverizr 2021-07-21 7.5 HIGH 9.8 CRITICAL
pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command.